1. Home
    2. /
  2. Manuals
    3. /
  3. Zonet
    4. /
  4. ZSR0104CP
    5. /
  5. 8
Page 36 / 63 Scroll up to view Page 31 - 35
Page
29
5.10 Firewall
1. DMZ Host Configuration
You can set up your personal computer or network-ready device to be a public or local DMZ
hosts. In general, Internet applications use only one unique port and can pass through a NAT
Router by enabling Virtual Server. However, some special applications need to implement
multiple ports, port ranges, dynamically assigned ports, and special protocols. ZSR0104C
SERIES can support the transparent pass-through of these special applications, such as FTP,
NetMeeting/H.323, MSN Messenger, etc. Enable
Local DMZ Host
when you have
problems running these applications. Besides, you can activate
Public DMZ Host
to set up
a server and retrieve the traffic initiated from the Internet.
A.
Local DMZ Host
To run the special applications, you can assign a device with a LAN IP address as
Local
DMZ Host
. Then any service request of application initiated from the Internet will be
forwarded to the dedicated LAN host with the LAN IP address.
For example, when you want to run NetMeeting to communicate with your friend on the
Internet, he /she cannot find your LAN host due to ZSR0104C SERIES NAT function.
However, after you assign the LAN IP address
192.168.1.2
as the Local DMZ Host, your
friend can call ZSR0104C SERIES Public IP address
140.112.8.8
and the service request of
NetMeeting will be forwarded to your LAN host with the LAN IP address
192.168.1.2
, as
Downloaded from
www.Manualslib.com
manuals search engine
Page 37 / 63
Page
30
illustrated Then you will be able to communicate with your friend via NetMeeting.
Besides, the other LAN clients behind ZSR0104C SERIES are still protected by its firewall,
and the traffic initiated from the Internet is denied to access these LAN clients
To activate Local DMZ Host, please check the
Enable
item and assign the LAN IP address
of the LAN host. Then click the button
Apply
to make your settings take effect.
B.
Public DMZ Host
To set up a server with a Public IP address when two or more public IP addresses are
available, you can assign a device with a Public IP address on the LAN side as
Public DMZ
Host
. ZSR0104C SERIES can provide tunneling service for data traffic between Public
DMZ Host and the Internet. As shown in the Figure 6-17, the Host with the Public IP
address
140.115.2.5
is assigned as Public DMZ Host. You can set it up as a server, and the
traffic initiated from the Internet will be forwarded to the Host with the Public IP address
140.115.2.5
. Besides, the other LAN clients behind the ZSR0104C SERIES are still
protected by firewall, and the traffic initiated from the Internet is denied to access these
LAN clients.
Downloaded from
www.Manualslib.com
manuals search engine
Page 38 / 63
Page
31
To enable Public DMZ Host, check
Enable
below Public DMZ Host and enter the public IP
address of the device you want to assign as the Public DMZ Host. Then click the button
Apply
to make your settings take effect.
The server in the Public DMZ is not protected by ZSR0104C SERIES firewall.
Please pay attention when you enable Public DMZ.
2. Anti PING and TCP/UDP Echo Attack
ZSR0104C SERIES can prevent Ping and TCP/UDP Echo Attack. To enable ZSR0104C SERIES
firewall against
Ping
and
TCP/UDP Echo Attack
, check
Denial of Service
Enable
and click the
button
Apply
at the end of page
to make your setting take effect.
Downloaded from
www.Manualslib.com
manuals search engine
Page 39 / 63
Page
32
3. URL Filter
If you want to restrict your LAN clients from accessing certain websites, enter the keywords of the
websites in the blank. ZSR0104C SERIES will examine the packet information when receiving the
packet with port 80 from the WAN. If it finds the listed keywords, it will drop the packet and LAN
clients cannot obtain the information from the website. Check the
URL filter Enable
and click the
Apply
button to make settings effective.
4. Port Filter
ZSR0104C SERIES Service Filter Firewall controls the LAN clients’ access to the Internet services
by specifying the port number of the service in the list.
A.
Disable
Checked this item, the LAN client can access to all Internet services.
B.
Blocking the following port
Checked this item, the LAN client cannot access to the following services.
For example, blocks port 21. The LAN client cannot access ftp in the Internet.
C.
Forwarding the following port only
Downloaded from
www.Manualslib.com
manuals search engine
Page 40 / 63
Page
33
Checked this item, the LAN client can access to the following services.
For example, forwarding port 21.The LAN client only can access ftp in the Internet.
Please refer to
Appendix B: Common Port Numbers
.
P
.
5.
MAC Filter
A.
Disable
Checked this item, the LAN client can access to Internet.
B.
Blocking the following Mac
Checked this item, the following Mac cannot access to Internet.
For example, blocks Mac address 00-60-67-79-0B-10. This client cannot access Internet.
C.
Forwarding the following Mac only
Checked this item, only the following Mac can access to Internet.
For example, forwarding Mac address 00-60-67-79-0B-10. Only this client can access Internet.
Downloaded from
www.Manualslib.com
manuals search engine

Rate

4 / 5 based on 1 vote.

Popular Zonet Models

Famous Router IPs
Famous Router Companies
Bookmark Our Site

Press Ctrl + D to add this site to your favorites!

Share
Top